Cisco Cisco Web Security Appliance S380
12
Release Notes for AsyncOS 9.1.x for Cisco Web Security Appliances
Important! Actions Required After Upgrading
Step 1
On the System Administration > Configuration File page, save the XML configuration file off the Web
Security appliance.
Security appliance.
Step 2
On the System Administration > System Upgrade page, click Available Upgrades.
The page refreshes with a list of available AsyncOS for Web upgrade versions.
Step 3
Click Begin Upgrade to start the upgrade process. Answer the questions as they appear.
Step 4
When the upgrade is complete, click Reboot Now to reboot the Web Security appliance.
Note
Important! Do not interrupt power to the appliance for any reason (even to troubleshoot an
upgrade issue) until at least 20 minutes have passed since you rebooted. If you have an x80 or
x90 hardware appliance, do not push the power button until all LEDs are lit. If you have a virtual
appliance, do not use the hypervisor or host OS tools to reset, cycle, or power off the virtual
machine.
upgrade issue) until at least 20 minutes have passed since you rebooted. If you have an x80 or
x90 hardware appliance, do not push the power button until all LEDs are lit. If you have a virtual
appliance, do not use the hypervisor or host OS tools to reset, cycle, or power off the virtual
machine.
Step 5
Verify that the browser loads the new online help content in the upgraded version of AsyncOS:
Exit the browser and then open it before viewing the online help. This clears the browser cache of any
outdated content.
outdated content.
Step 6
Configure new functionality as desired. New features are typically not enabled by default.
Important! Actions Required After Upgrading
In order to ensure that your appliance continues to function properly after upgrade, you must address the
following items:
following items:
Upgrading from non-ISE Releases and AsyncOS 8.5 with ISE Preview
All AsyncOS versions that did not include ISE support (that is, all versions prior to 8.5.0-497), and the
limited-availability AsyncOS 8.5 “ISE Preview” release, did not require the Admin and pxGrid
certificates, which are necessary in all subsequent Cisco AsyncOS releases in order to enable ISE
support. Therefore, when you upgrade from a non-ISE release, or from an ISE Preview installation with
ISE enabled, the ISE feature will not operate correctly until the two additional certificates are provided
(go to Network > Identity Services Engine).
limited-availability AsyncOS 8.5 “ISE Preview” release, did not require the Admin and pxGrid
certificates, which are necessary in all subsequent Cisco AsyncOS releases in order to enable ISE
support. Therefore, when you upgrade from a non-ISE release, or from an ISE Preview installation with
ISE enabled, the ISE feature will not operate correctly until the two additional certificates are provided
(go to Network > Identity Services Engine).
Virtual Appliances: Required Changes for SSH Security Vulnerability Fix
Requirements in this section were introduced in AsyncOS 8.8.
The following security vulnerability will be fixed during upgrade if it exists on your appliance:
If you did not patch this issue before upgrading, you will see a message during upgrade stating that it
has been fixed. If you see this message, the following actions are required to return your appliance to
full working order after upgrade:
has been fixed. If you see this message, the following actions are required to return your appliance to
full working order after upgrade:
•
Remove the existing entry for your appliance from the known hosts list in your ssh utility. Then ssh
to the appliance and accept the connection with the new key.
to the appliance and accept the connection with the new key.